"BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now," Schmidt tweeted. He added a link to Firefox's add-ons page which details that the Flash Player Plugin 18.0.0.203 (the most current and vulnerable version) has been blocked for users' protection.

The tweet was a little overly dramatic given that the move is only a stop-gap measure until Adobe releases a fix for the bugs. Apple has similarly blocked vulnerable versions of Flash Player in the past too -- a move that Adobe welcomed when Apple began the practice in 2012.

To clarify the matter, Schmidt later added: "Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities."

Adobe has promised patches for the two flaws, but the patches are yet to arrive. Security experts fear that hackers are already working to integrate attacks for the bug into exploit kits, which has already happened for one of the two new flaws.

The two Flash Player bugs (CVE-2015-5122 and CVE-2015-5123) were discovered by security researchers sifting through the 400GB of data from Italian surveillance software vendor Hacking Team which was leaked online last week.

Adobe has already published a patch for an earlier Flash bug, discovered last week in the Hacking Team's files, which formed part of its law enforcement product Remote Control System or 'Galileo'. That flaw was integrated into several exploit kits within hours of its discovery.

Due to the new Flash flaws, Facebook's chief security officer Alex Stamos this week called on Adobe to kill off Flash, which remains one of the most popular targets for hackers thanks its ubiquity on desktops.

Trend Micro, one of the firms that discovered one of the latest bugs, cautioned users to disable Flash until Adobe releases a patch. Trend Micro noted earlier this week that, unlike the first of the three Flash flaws from Hacking Team's files, the two most recent bugs have not been seen in active attacks and have not been integrated into exploit kits. However, that status changed after security researcher Kafeine discovered several exploits kits had bundled attacks for CVE-2015-5122 into their kits.